@vitest/spy — Greenflagged

Lightweight Jest compatible spy implementation

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

antfupatakoreannoyyx990803vitestbot

Keywords

vitesttestmockspyintercept

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Package transitioned from vitestbot to GitHub Actions CI/CD publishing with SLSA provenance attestation — a legitimate and positive supply chain improvement for the vitest ecosystem.	ai	2026/04/23
maintainer-change	maintainer-added	AI (maintainer-change): yyx990803 is Evan You, creator of Vue.js and core contributor to Vite/Vitest — a legitimate maintainer addition, not a takeover.	ai	2026/04/23
maintainer-change	maintainer-removed	AI (maintainer-change): vitestbot removal is consistent with transition to GitHub Actions CI/CD publishing; the bot account is no longer needed.	ai	2026/04/23
typosquat	typosquat.levenshtein:pg	AI (typosquat): @vitest/spy is a scoped package in the official vitest namespace; Levenshtein comparison to 'pg' is a false positive with no typosquat intent.	ai	2026/04/22
bogus-package	bogus-package	AI (bogus-package): Flagged maintainers (antfu, patak, yyx990803) are well-known legitimate OSS developers; no-deps and short README are normal for this compiled utility package.	ai	2026/04/22

Versions (showing 100 of 144)

Hide prereleases

Version	Deps	Published
4.1.7	0 / 0	2026-05-20
4.1.6	0 / 0	2026-05-11
4.1.5	0 / 0	2026-04-21
4.1.4	0 / 0	2026-04-09
4.1.3	0 / 0	2026-04-07
4.1.2	0 / 0	2026-03-26
4.1.1	0 / 0	2026-03-23
4.1.0	0 / 0	2026-03-12
4.0.18	0 / 0	2026-01-22
4.0.17	0 / 0	2026-01-12
4.0.16	0 / 0	2025-12-16
4.0.15	0 / 0	2025-12-02
4.0.14	0 / 0	2025-11-25
4.0.13	0 / 0	2025-11-21
4.0.12	0 / 0	2025-11-20
4.0.11	0 / 0	2025-11-20
4.0.10	0 / 0	2025-11-17
4.0.9	0 / 0	2025-11-14
4.0.8	0 / 0	2025-11-07
4.0.7	0 / 0	2025-11-04
4.0.6	0 / 0	2025-10-31
4.0.5	0 / 0	2025-10-29
4.0.4	0 / 0	2025-10-27
4.0.3	0 / 0	2025-10-24
4.0.2	0 / 0	2025-10-23
4.0.1	0 / 0	2025-10-22
4.0.0	0 / 0	2025-10-22
3.2.4	1 / 0	2025-06-17
3.2.3	1 / 0	2025-06-09
3.2.2	1 / 0	2025-06-05
3.2.1	1 / 0	2025-06-03
3.2.0	1 / 0	2025-06-02
3.1.4	1 / 0	2025-05-19
3.1.3	1 / 0	2025-05-05
3.1.2	1 / 0	2025-04-21
3.1.1	1 / 0	2025-03-31
3.1.0	1 / 0	2025-03-31
3.0.9	1 / 0	2025-03-17
3.0.8	1 / 0	2025-03-06
3.0.7	1 / 0	2025-02-24
3.0.6	1 / 0	2025-02-18
3.0.5	1 / 0	2025-02-03
3.0.4	1 / 0	2025-01-23
3.0.3	1 / 0	2025-01-21
3.0.2	1 / 0	2025-01-17
3.0.1	1 / 0	2025-01-16
3.0.0	1 / 0	2025-01-16
2.1.9	1 / 0	2025-02-03
2.1.8	1 / 0	2024-12-02
2.1.7	1 / 0	2024-12-02
2.1.6	1 / 0	2024-11-26
2.1.5	1 / 0	2024-11-13
2.1.4	1 / 0	2024-10-28
2.1.3	1 / 0	2024-10-14
2.1.2	1 / 0	2024-10-02
2.1.1	1 / 0	2024-09-13
2.1.0	1 / 0	2024-09-12
2.0.5	1 / 0	2024-07-31
2.0.4	1 / 0	2024-07-22
2.0.3	1 / 0	2024-07-15
2.0.2	1 / 0	2024-07-10
2.0.1	1 / 0	2024-07-08
2.0.0	1 / 0	2024-07-08
1.6.1	1 / 0	2025-02-03
1.6.0	1 / 0	2024-05-03
1.5.3	1 / 0	2024-04-30
1.5.2	1 / 0	2024-04-25
1.5.1	1 / 0	2024-04-24
1.5.0	1 / 0	2024-04-11
1.4.0	1 / 0	2024-03-15
1.3.1	1 / 0	2024-02-20
1.3.0	1 / 0	2024-02-16
1.2.2	1 / 0	2024-01-26
1.2.1	1 / 0	2024-01-17
1.2.0	1 / 0	2024-01-12
1.1.3	1 / 0	2024-01-05
1.1.2	1 / 0	2024-01-04
1.1.1	1 / 0	2023-12-31
1.1.0	1 / 0	2023-12-19
1.0.4	1 / 0	2023-12-09
1.0.3	1 / 0	2023-12-09
1.0.2	1 / 0	2023-12-07
1.0.1	1 / 0	2023-12-04
1.0.0	1 / 0	2023-12-04
0.34.6	1 / 0	2023-09-29
0.34.5	1 / 0	2023-09-21
0.34.4	1 / 0	2023-09-08
0.34.3	1 / 0	2023-08-25
0.34.2	1 / 0	2023-08-17
0.34.1	1 / 0	2023-08-01
0.34.0	1 / 0	2023-08-01
0.33.0	1 / 0	2023-07-06
0.32.4	1 / 0	2023-07-03
0.32.3	1 / 0	2023-07-03
0.32.2	1 / 0	2023-06-16
0.32.1	1 / 0	2023-06-16
0.32.0	1 / 0	2023-06-06
0.31.4	1 / 0	2023-06-01
0.31.3	1 / 0	2023-05-31
0.31.2	1 / 0	2023-05-30

Showing 100 of 144 Next page →

v4.1.7

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.1.6

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.5.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.4.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.3.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.